US7660918B2 - Method for switching node and an information processing system - Google Patents
Method for switching node and an information processing system Download PDFInfo
- Publication number
- US7660918B2 US7660918B2 US12/369,994 US36999409A US7660918B2 US 7660918 B2 US7660918 B2 US 7660918B2 US 36999409 A US36999409 A US 36999409A US 7660918 B2 US7660918 B2 US 7660918B2
- Authority
- US
- United States
- Prior art keywords
- access
- host
- disk device
- information
- host computers
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0629—Configuration or reconfiguration of storage systems
- G06F3/0637—Permissions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/0626—Reducing size or complexity of storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0629—Configuration or reconfiguration of storage systems
- G06F3/0635—Configuration or reconfiguration of storage systems by changing the path, e.g. traffic rerouting, path reconfiguration
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0668—Interfaces specially adapted for storage systems adopting a particular infrastructure
- G06F3/0671—In-line storage system
- G06F3/0673—Single storage device
- G06F3/0674—Disk device
Definitions
- the present invention relates to a node switching method and an information processing system. More particularly, it relates to an I/O node-switching method and an information processing system in the following case: At the time of a failure occurrence, a processing, which is being executed by a host where the failure has occurred, is taken over to another host so as to allow another host to continue this processing.
- systems which form and support the social infrastructure are requested to exhibit a high reliability. Namely, these systems are not permitted to fall into the service interruption, i.e., the system down.
- these systems are configured as follows: Namely, devices which configure these systems, such as hosts and paths for connecting the hosts with a disk device, are formed into a dual-redundant structure. For example, even if a failure has occurred in an execution-node host, the processing is immediately switched to a standby-node host, thereby preventing the entire system from falling down for a long time. The switching operation like this is referred to as “node switching”.
- the standby-node host becomes a new execution-node host.
- an I/O access control needs to be performed so that an I/O for the disk device from the host that had previously been the execution node will be cut off, and so that the cut-off of an I/O therefor from the host that had previously been the standby node will be released. This control is needed in order to prevent a data crash caused by a case where the shared disk is accessed simultaneously by both of the nodes, i.e., the host that has newly become the execution node and the host that had previously been the execution node.
- JP-A-6-325008 As the method of performing the node switching at the host side as a result of a failure of the OS itself or that of the node switching mechanism, there has been known a technology disclosed in JP-A-6-325008.
- This conventional technology is as follows: A standby-node host, which has detected the failure, performs a reset operation for an execution-node host so as to interrupt the I/O of the execution-node host, then performing the node switching.
- the method of performing the I/O access control at the disk-device side is as follows:
- the I/O access control is performed with respect to plural paths, using the definition of a PERSISTENT RESERVE Command which exists in ANSI Standard SPC (i.e., SCSI-3 Primary Command).
- PERSISTENT RESERVE which exists in ANSI Standard SPC (i.e., SCSI-3 Primary Command).
- I/Os from a certain path are cut off, thereby canceling all the I/Os from the path which are in processing.
- This method which performs a logical-disk exclusion control on each host basis by using the PERSISTENT RESERVE, has been disclosed and known in JP-A-2000-322369.
- a path which uses the PERSISTENT RESERVE at first, registers the Reservation Key into logical disks. In this case, two ways of methods are prepared for the access control to the logical disks.
- the first access-control method is a one where only an access from a path that has applied a Reservation is permitted regardless of the presence or absence of the Reservation Key's registration.
- the second access-control method is a one where accesses from all the paths that have registered the Reservation Keys are permitted if a Reservation has been applied from a certain path. Cutting off the access from a specific host and path necessitates the specification of the Reservation Key to be cut off.
- the access control to the logical disks by the above-described first method is performed in accordance with the following steps: An execution-node host and a standby-node host have performed in advance the registration of the Reservation Keys, and the execution-node host applies the Reservation. At the time of a failure occurrence, the standby-node host specifies the Reservation Key of the execution-node host, thereby performing the cut-off operation. After that, the standby-node host applies the Reservation.
- the access control to the logical disks by the above-described second method is performed in accordance with the following steps: Only the execution-node host performs the registration of the Reservation Keys for all the paths from the execution-node host to the disk device. Meanwhile, the standby-node host performs no registration of the Reservation Key. At the time of a failure occurrence, the standby-node host performs the registration of the Reservation Keys for all the paths from the standby-node host to the disk device. Next, the standby-node host specifies all the Reservation Keys of the execution-node host, thereby performing the cut-off operations. After that, the standby-node host applies the Reservation.
- the reset for the disk device clears all the I/O requests which are in processing within a disk control device.
- SAN environment Storage Area Network
- one disk control device makes I/O requests from the plural hosts to plural logical disks. This results in a problem that the above-described method is inapplicable in the SAN environment.
- the standby-node host performs no registration of the Reservation Key and, after detecting a failure, registers the Reservation Keys to perform the I/O cut-off operations
- the standby-node host must perform these operations by the number which is equal to the number of the paths ⁇ the number of the logical disks.
- the second method is applied to a large-scale system, the number of the paths to be dealt with becomes equal to several to several tens of them, and the number of the logical disks becomes equal to several hundreds.
- the above-described object can be accomplished by a node switching method of controlling the execution enablement/disablement for I/O requests from plural host computers to a disk device so as to perform the switching to a node which is capable of executing the I/O requests.
- the node switching method includes the following steps:
- the host computers transmit access-right change commands to the disk device in advance, the access-right change commands including one piece or plural pieces of information resulting from causing I/O-enable/disable information and host identification information to correspond to each other in a one-to-one correspondence manner, the I/O-enable/disable information indicating whether or not the disk device will execute the I/O requests from the host computers, the host identification information being designed for identifying the respective host computers, and the host computers issue, to the disk device, the I/O requests to which the host computers have added the host identification information, and the disk device, in accordance with the access-right change commands from the host computers, changes in batch the I/O-enable/disable information on each host-computer basis, and simultaneously stores and holds the access-right change commands, and the disk device identifies the request-source host computers in response to the I/O requests from the host computers, and, based on the host identification information and the I/O-enable/disable information
- the above-described object can be accomplished by a node switching method of controlling the execution enablement/disablement for I/O requests from plural host computers to a disk device so as to perform the switching to a node which is capable of executing the I/O requests.
- the node switching method includes the following steps:
- the above-described object can be accomplished by an information processing system which is configured to control the execution enablement/disablement for I/O requests from plural host computers to a disk device so as to perform the switching to a node which is capable of executing the I/O requests.
- each of the host computers includes an I/O request unit for issuing the I/O request to which the I/O request unit has added host identification information for identifying the respective host computers, and an access-right change command unit for transmitting an access-right change command to the disk device, the access-right change command including one piece or plural pieces of information resulting from causing I/O-enable/disable information and the host identification information to correspond to each other in a one-to-one correspondence manner, the I/O-enable/disable information indicating whether or not the disk device will execute the I/O requests from the host computers, the disk device including an access-right management table for storing and holding the access-right change commands from the host computers, an access control unit for identifying the request-source host computers of the I/O requests, and judging the execution enablement/disablement for the I/O requests on each host-computer basis from the host identification information and the access-right management table, and an access-right change unit that, in accordance with the access-right change commands from the host computers,
- the present invention makes it possible to cut off in batch the I/O requests from a host device where a failure has occurred, and to release in batch the cut-offs of the I/O requests from a standby-node host.
- This condition allows a high-safety node switching to be executed at a high speed, thereby making it possible to shorten a service interruption time-period in a system which is requested to exhibit a high reliability.
- FIG. 1 is a block diagram for illustrating the entire configuration of an information processing system according to an embodiment of the present invention to which the present invention has been applied;
- FIG. 2 is a diagram for illustrating the configuration of an access-right management table within an access control table
- FIG. 3 is a diagram for illustrating the configuration of a path-information management table within the access control table
- FIG. 4 is a sequence diagram for explaining an operation of registering the path information into a disk device among an execution-node host, a standby-node host, and the disk device;
- FIG. 5 is a diagram for illustrating the configuration of the path information transmitted from an active-node host or the standby-node host;
- FIG. 6 is a sequence diagram for explaining the processing of I/O requests according to the embodiment of the present invention.
- FIG. 7 is a flowchart for explaining the processing operation by an access control unit 31 within the disk device in the processing sequences explained in FIG. 6 ;
- FIG. 8 is a flowchart for explaining the processing operation by the access control unit 31 when an I/O processed result is transmitted from an I/O processing unit;
- FIG. 9 is a sequence diagram for explaining in what manner the execution-node host and the standby-node host will detect failures of the partner hosts;
- FIG. 10 is a sequence diagram for explaining an access-right change processing operation when the standby-node host has detected a failure of the execution-node host;
- FIG. 11 is a diagram for illustrating the configuration of an access-right change command transmitted by the processing in the sequence 631 explained in FIG. 10 ;
- FIG. 12 is a flowchart for explaining the access-right change processing operation in an access-right change unit within the disk device in the processing sequence explained in FIG. 10 ;
- FIG. 13 is a sequence diagram for explaining a processing in the case where the execution-node host and the standby-node host make I/O requests to the disk device when the change of the access right has been performed by the processing explained in FIG. 10 ;
- FIG. 14 is a block diagram for illustrating the configuration of an information processing system according to a second embodiment of the present invention to which the present invention is applicable;
- FIG. 15 is a block diagram for illustrating the configuration of an information processing system according to a third embodiment of the present invention to which the present invention is applicable;
- FIG. 16 is a block diagram for illustrating the configuration of an information processing system according to a fourth embodiment of the present invention to which the present invention is applicable;
- FIG. 17 is a flowchart for explaining the processing operation in an access control unit within a disk device in the fourth embodiment of the present invention.
- FIG. 18 is a diagram for illustrating the configuration of an access-right management table within an access control table used in the fourth embodiment of the present invention.
- FIG. 19 is a diagram for illustrating the configuration of an access-right change command used in the fourth embodiment of the present invention.
- FIG. 20 is a block diagram for illustrating the configuration of an information processing system according to a fifth embodiment of the present invention to which the present invention is applicable.
- FIG. 1 is a block diagram for illustrating the entire configuration of an information processing system according to a first embodiment of the present invention to which the present invention has been applied.
- the reference numerals denote the following configuration components: 10 an execution-node host computer (hereinafter, simply referred to as “execution-node host”), 11 , 21 path-information transmission units, 12 , 22 failure detection units, 13 , 23 I/O request units, 14 , 24 access-right change command units, 20 a standby-node host computer (hereinafter, simply referred to as “standby-node host”), 30 a disk device, 31 an access control unit, 32 an access-right change unit, 33 a path-information change unit, 34 an I/O processing unit, 35 an access control table, 36 logical disks.
- the information processing system includes the following configuration components: The execution-node host 10 which is executing an application process, the standby-node host 20 which is on standby in a state of being capable of executing the application process, and the disk device 30 for performing I/Os in accordance with I/O requests from the execution-node host 10 and the standby-node host 20 .
- FIG. 1 connections among the execution-node host 10 , the standby-node host 20 , and the disk device 30 are illustrated such that the connections are established using different lines. The connections, however, are not limited to the different lines and may also be established using one and the same line.
- the execution-node host 10 includes the following configuration components: The path-information transmission unit 11 for transmitting path information on the hosts, the failure detection unit 12 for detecting a failure of the standby-node host 20 , the I/O request unit 13 for performing the I/O requests, and the access-right change command unit 14 for transmitting a command of the access-right change.
- the standby-node host 20 similarly, includes the path-information transmission unit 21 , the failure detection unit 22 , the I/O request unit 23 , and the access-right change command unit 24 .
- the disk device 30 includes the following configuration components: The access control unit 31 for controlling cut-offs of the I/O requests, the access-right change unit 32 for changing the access right of the disk device 30 in accordance with the commands from the hosts, the path-information change unit 33 for receiving the path information transmitted from the hosts, the I/O processing unit 34 for actually performing the processings of the I/Os, the access control table 35 for holding information for controlling accesses from the hosts, and the plural logical disks 36 resulting from logically dividing an assembly of disk drives.
- the access control table 35 includes two tables, i.e., an access-right management table 35 a and a path-information management table 35 b . Next, the explanation will be given below regarding these tables.
- FIG. 2 is a diagram for illustrating the configuration of the access-right management table 35 a within the access control table 35 .
- FIG. 3 is a diagram for illustrating the configuration of the path-information management table 35 b within the access control table 35 .
- the access-right management table 35 a is a table for managing the enablement/disablement for the accesses on each host basis, and the number of the I/Os which are in processing. Accordingly, as illustrated in FIG. 2 , the table 35 a stores host identification information, I/O-enable/disable information, and in-processing I/O number information. Moreover, the table 35 a , which holds one entry for one host, is initialized by commands from the hosts at the time of the hosts' system starting, and is updated by the access-right change commands from the hosts.
- the I/O-enable/disable information in the entry corresponding to the execution-node host is set to be “enable”, and the I/O-enable/disable information in the entry corresponding to the standby-node host is set to be “disable”.
- the path-information management table 35 b is a table for managing which of the hosts has held which of the paths. Accordingly, as illustrated in FIG. 3 , the table 35 b stores path identification information and the host identification information in a manner of being paired. Namely, the path-information management table 35 b stores, as path information, the combination of the path identification information and the host identification information.
- an example of the path identification information is N_Port ID in ANSI Standard FCP which is added to the I/O requests from the hosts for identifying logical paths from the transmission sources. Making reference to this table allows the access control on each I/O-request basis to be performed not on each path basis but on each host basis.
- FIG. 4 is a sequence diagram for explaining an operation of registering the path information into the disk device 30 among the execution-node host 10 , the standby-node host 20 , and the disk device 30 .
- the explanation will be given below concerning the path-information registration operation in the embodiment of the present invention.
- FIG. 5 is a diagram for illustrating the configuration of path information 50 transmitted from an execution-node host or the standby-node host.
- This path information 50 is the path information transmitted in the above-described sequences 601 , 603 .
- this path information 50 includes the host identification information and the path identification information from the hosts to the disk device.
- FIG. 6 is a sequence diagram for explaining the processing of I/O requests according to the embodiment of the present invention. Next, the explanation will be given below regarding this processing. The sequences indicated here are about the processing in the following case: In the state where the I/O-enablement/disablement in the access-right management table 35 a corresponding to the execution-node host 10 is set to be “enable”, and where the I/O-enablement/disablement in the access-right management table 35 a corresponding to the standby-node host 20 is set to be “disable”, the execution-node host 10 and the standby-node host 20 transmit the I/O requests to the disk device 30 .
- FIG. 7 is a flowchart for explaining the processing operation by the access control unit 31 within the disk device 30 in the processing sequences explained in FIG. 6 . Next, the explanation will be given below concerning this operation.
- FIG. 8 is a flowchart for explaining the processing operation by the access control unit 31 when the I/O processed result is transmitted from the I/O processing unit 34 .
- the processing here is the one at the time when the sequence 617 in FIG. 6 is performed.
- FIG. 9 is a sequence diagram for explaining in what manner the execution-node host 10 and the standby-node host 20 will detect failures of the partner hosts.
- the example indicated in FIG. 9 is a one where the standby-node host 20 performs the failure detection of the execution-node host 10 .
- the failure detection unit 22 of the standby-node host 20 transmits health check information to the failure detection unit 12 of the execution-node host 10 (: sequence 621 ). In response to this transmission of the health check information, if the failure detection unit 12 of the execution-node host 10 returns an error (: sequence 622 ), or makes no response within a certain time-period, the failure detection unit 22 of the standby-node host 20 judges that a failure has occurred in the execution-node host 10 .
- the sequences are basically the same as the above-described ones except that the transmission of the health check information is just performed from the failure detection unit 12 of the execution-node host 10 .
- the failure detection method is not limited to the above-described one.
- FIG. 10 is a sequence diagram for explaining an access-right change processing operation when the standby-node host 20 has detected a failure of the execution-node host 10 .
- the explanation will be given below concerning the access-right change processing at the time of a failure detection in the embodiment of the present invention.
- the above-described processing allows the cut-offs of the I/O requests from the plural hosts to be controlled in a batch manner on each host basis.
- FIG. 11 is a diagram for illustrating the configuration of the access-right change command 110 transmitted by the processing in the sequence 631 explained in FIG. 10 .
- the transmitted access-right change command 110 includes the host identification information for identifying the hosts whose access rights should be changed and the information on the I/O-enablement/disablement.
- the example illustrated in FIG. 11 is a one of transmitting the command in batch for cutting off in batch the I/O accesses from the host 1 , and for releasing in batch the cut-offs of the I/O accesses from the host 2 .
- FIG. 12 is a flowchart for explaining the access-right change processing operation by the access-right change unit 32 within the disk device 30 in the processing sequences explained in FIG. 10 . Next, the explanation will be given below regarding this operation.
- FIG. 13 is a sequence diagram for explaining a processing in the case where the execution-node host 10 and the standby-node host 20 make I/O requests to the disk device 30 when the change of the access right has been performed by the processing explained in FIG. 10 .
- the sequences indicated in FIG. 13 it turns out that, contrary to the sequences explained in FIG. 6 , an I/O request from the standby-node host 20 is permitted (: 131 , 132 ), and an I/O request from the execution-node host 10 is cut off (: 133 , 134 ).
- FIG. 14 is a block diagram for illustrating the configuration of an information processing system according to a second embodiment of the present invention to which the present invention is applicable.
- the second embodiment illustrated in FIG. 14 is an embodiment configured such that a disk device is shared by plural systems each of which includes an active-node host and a standby-node host.
- logical disks within the disk device are grouped into plural zones, and the logical disks within each zone are set in advance to deny an access from a path other than the one connected therewith.
- the present invention makes it possible to set the access right on each host basis grouped into each zone. This condition allows the co-use of the present invention with the already-existing function of zone-grouping the disk device.
- FIG. 15 is a block diagram for illustrating the configuration of an information processing system according to a third embodiment of the present invention to which the present invention is applicable.
- the third embodiment illustrated in FIG. 15 is an embodiment configured as follows: Each of an active-node host and a standby-node host is connected to a disk device via plural paths, and thus each host finds it possible to perform the load distribution by using the plural paths simultaneously.
- the present invention performs the access control on each host basis and regardless of the path number. This condition makes the present invention also applicable to the configuration like this.
- FIG. 16 is a block diagram for illustrating the configuration of an information processing system according to a fourth embodiment of the present invention to which the present invention is applicable.
- the fourth embodiment illustrated in FIG. 16 is an embodiment configured such that plural application processes are allowed to exist within one host, and such that the respective application processes use different logical disks.
- the fourth embodiment of the present invention is configured as follows: An application process 1 as an execution node and an application process 2 as a standby node are allowed to exist within a host 1 , and the application process 2 as an execution node and the application process 1 as a standby node are allowed to exist within a host 2 . Also, the application processes 1 as the execution node and the standby node are connected to one of logical disks within a disk device, and the application processes 2 as the execution node and the standby node are connected to the other logical disk within the disk device.
- the application process 1 that is operating on the host 1 as the execution node falls down, the disk device cuts off an I/O request from the application process 1 on the host 1 , and releases the cut-off of an I/O request from the application process 1 on the host 2 .
- This procedure is needed to be performed without exerting influences on an I/O request from the application process 2 that is operating on the host 1 .
- the first method is a one where identification information for identifying the application processes is added to the I/O requests. Namely, this method is as follows: This application-process identification information is added to the host identification information included in the access-right management table 35 a explained in FIG. 2 and the access-right change command 110 explained in FIG. 11 . Moreover, the application-process identification information is also added to the I/O requests that the application processes transmit. Furthermore, the processing operation by the access control unit 31 within the disk device 30 is modified as will be explained below using FIG. 17 .
- FIG. 17 is a flowchart for explaining the processing operation by the access control unit 31 within the disk device 30 in the fourth embodiment of the present invention.
- This flowchart results from adding the processing at a step 3110 to the flowchart illustrated in FIG. 7 .
- the steps other than the step 3110 are the same as those in the case of FIG. 7 .
- the execution of the processing at the step 3110 analyzes the I/O requests, thereby acquiring the application-process identification information. This allows the implementation of a comparison on each received I/O-request basis between the I/O requests and the host identification information within the access control table 35 including the application-process identification information.
- the employment of the above-described method makes it possible to implement the access control without being conscious of the paths.
- This makes the following configuration elements unnecessary: The path-information transmission units of the hosts, the path-information change unit of the disk device, the path-information management table within the access control table of the disk device, the path information that the hosts transmit to the disk device, and the path-information registration processing in FIG. 4 .
- the second method for allowing the access control on each application-process basis is as follows: Namely, in addition to the access-right change on each host basis, the access-right change is performed on each logical-disk basis simultaneously. Next, the explanation will be given below regarding this method.
- FIG. 18 is a diagram for illustrating the configuration of an access-right management table 35 aa within the access control table 35 used in the fourth embodiment of the present invention.
- FIG. 19 is a diagram for illustrating the configuration of an access-right change command 110 a used in the fourth embodiment of the present invention.
- the access-right management table 35 aa and the access-right change command 110 a within the access control table 35 used in the fourth embodiment of the present invention are configured by adding identification information for identifying the logical disks to the table 35 a and the command 110 explained in FIG. 2 and FIG. 11 each.
- the following steps allow the execution of the access control on each host basis and on each logical-disk basis: Namely, a step of retrieving entries in which path identification information included in the I/O requests coincides with the path identification information within the path-information management table 35 b illustrated in FIG. 3 , and, based on the host identification information in the entries which have coincided therewith and target logical-disk information included in the I/O requests, a step of retrieving, from the access-right management table 35 aa illustrated in FIG. 18 , entries of the access control information in which the host identification information and the logical-disk identification information coincide with each other.
- the hosts transmit the commands based on the access-right change command 110 a which, as illustrated in FIG. 19 , includes the logical disks becoming the access-right change targets, the host identification information on the hosts whose access rights are to be changed, and the access enablement/disablement information.
- the disk device changes, to “enable” or “disable”, the I/O-enable/disable information in entries in which the logical disks and the host identification information within the access-right management table 35 aa illustrated in FIG. 18 and the logical disks and the host identification information included in the access-right change command 110 a coincide with each other. This allows the implementation of the access-right changes on each host basis and on each logical-disk basis.
- the access-right change commands are performed in batch with respect to the logical-disk group that the application processes access. This permits the implementation of the access control on each application-process basis.
- the above-described first method in the fourth embodiment of the present invention requires that the application-process identification information be added to the I/O requests.
- the case of the second method permits the in-batch access control over the logical disks to be executed on each application-process basis without adding the application-process identification information to the I/O requests.
- FIG. 20 is a block diagram for illustrating the configuration of an information processing system according to a fifth embodiment of the present invention to which the present invention is applicable.
- the fifth embodiment illustrated in FIG. 20 is an embodiment configured as follows: There exist plural execution-node hosts in such a manner that, even if a failure occurs in whatever execution-node host, one standby-node host will be able to restart the execution of a processing in the execution-node host where the failure has occurred.
- the present invention performs the access control on each host basis, which makes the present invention applicable to even the configuration like this.
- processing programs can be provided in a state of being stored into storage media such as a HD, a DAT, a FD, a MO, a DVD-ROM, and a CD-ROM.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Human Computer Interaction (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
- Hardware Redundancy (AREA)
Abstract
In an information processing system including host computers and disk devices, each of an execution-node host and a standby-node host includes an I/O request unit and an access-right change command unit. The I/O request unit issues an I/O request. The access-right change command unit transmits an access-right change command. The access-right change command results from causing I/O-enable/disable information and the host identification information to correspond to each other. The disk device includes an access control table, an access control unit, and an access-right change unit. The access control table stores information of the access-right change commands from the hosts. The access control unit judges the execution enablement/disablement for the I/O requests from the host identification information and the access control table. The access-right change unit, in accordance with the access-right change commands from the hosts, changes in batch the I/O-enable/disable information on each host basis within the access control table.
Description
This is a continuation of U.S. application Ser. No. 10/806,338, filed Mar. 23, 2004 now abandoned. This application relates to and claims priority from Japanese Patent Application No. 2003-363531, filed on Oct. 23, 2003. The entirety of the contents and subject matter of all of the above is incorporated herein by reference.
The present invention relates to a node switching method and an information processing system. More particularly, it relates to an I/O node-switching method and an information processing system in the following case: At the time of a failure occurrence, a processing, which is being executed by a host where the failure has occurred, is taken over to another host so as to allow another host to continue this processing.
Generally speaking, starting with a financial system and a securities system, systems which form and support the social infrastructure are requested to exhibit a high reliability. Namely, these systems are not permitted to fall into the service interruption, i.e., the system down. On account of this requirement, these systems are configured as follows: Namely, devices which configure these systems, such as hosts and paths for connecting the hosts with a disk device, are formed into a dual-redundant structure. For example, even if a failure has occurred in an execution-node host, the processing is immediately switched to a standby-node host, thereby preventing the entire system from falling down for a long time. The switching operation like this is referred to as “node switching”.
As described above, in the dual-redundant system, if a failure has occurred in an execution-node host and if the node switching to a standby-node host has been performed, the standby-node host becomes a new execution-node host. During the node switching and after the node switching, however, an I/O access control needs to be performed so that an I/O for the disk device from the host that had previously been the execution node will be cut off, and so that the cut-off of an I/O therefor from the host that had previously been the standby node will be released. This control is needed in order to prevent a data crash caused by a case where the shared disk is accessed simultaneously by both of the nodes, i.e., the host that has newly become the execution node and the host that had previously been the execution node.
As methods for performing the I/O access control as described above, there exists a method performed at the host side and a one performed at the disk-device side.
As the method of performing the node switching at the host side as a result of a failure of the OS itself or that of the node switching mechanism, there has been known a technology disclosed in JP-A-6-325008. This conventional technology is as follows: A standby-node host, which has detected the failure, performs a reset operation for an execution-node host so as to interrupt the I/O of the execution-node host, then performing the node switching.
The method of performing the I/O access control at the disk-device side is as follows: The I/O access control is performed with respect to plural paths, using the definition of a PERSISTENT RESERVE Command which exists in ANSI Standard SPC (i.e., SCSI-3 Primary Command). Also, I/Os from a certain path are cut off, thereby canceling all the I/Os from the path which are in processing. This method, which performs a logical-disk exclusion control on each host basis by using the PERSISTENT RESERVE, has been disclosed and known in JP-A-2000-322369. Moreover, a path which uses the PERSISTENT RESERVE, at first, registers the Reservation Key into logical disks. In this case, two ways of methods are prepared for the access control to the logical disks.
The first access-control method is a one where only an access from a path that has applied a Reservation is permitted regardless of the presence or absence of the Reservation Key's registration. The second access-control method is a one where accesses from all the paths that have registered the Reservation Keys are permitted if a Reservation has been applied from a certain path. Cutting off the access from a specific host and path necessitates the specification of the Reservation Key to be cut off.
Consequently, the access control to the logical disks by the above-described first method is performed in accordance with the following steps: An execution-node host and a standby-node host have performed in advance the registration of the Reservation Keys, and the execution-node host applies the Reservation. At the time of a failure occurrence, the standby-node host specifies the Reservation Key of the execution-node host, thereby performing the cut-off operation. After that, the standby-node host applies the Reservation.
Also, the access control to the logical disks by the above-described second method is performed in accordance with the following steps: Only the execution-node host performs the registration of the Reservation Keys for all the paths from the execution-node host to the disk device. Meanwhile, the standby-node host performs no registration of the Reservation Key. At the time of a failure occurrence, the standby-node host performs the registration of the Reservation Keys for all the paths from the standby-node host to the disk device. Next, the standby-node host specifies all the Reservation Keys of the execution-node host, thereby performing the cut-off operations. After that, the standby-node host applies the Reservation.
In the conventional-technology method of performing the above-described I/O cut-off operation at the host side, the reset for the disk device clears all the I/O requests which are in processing within a disk control device. As a consequence, in a storage area network environment (SAN environment: Storage Area Network) where plural hosts and plural disk devices are connected to each other via switches, there exists a possibility that one disk control device makes I/O requests from the plural hosts to plural logical disks. This results in a problem that the above-described method is inapplicable in the SAN environment.
Also, of the conventional-technology methods of performing the I/O cut-off operation at the disk-device side, in the first method where only an access from a host that has applied a Reservation is permitted in the PERSISTENT RESERVE Command, there exists only one path whose access is permissible. As a consequence, it is impossible to apply the first method to situations where accesses from plural paths are wished to be permitted, such as a multi-path environment where there are provided plural paths from one host to a logical disk, and a case where plural operation-node hosts exist. This results in a problem that a limitation is imposed on the configuration to which the method is applicable.
Also, in the second method where the standby-node host performs no registration of the Reservation Key and, after detecting a failure, registers the Reservation Keys to perform the I/O cut-off operations, the standby-node host must perform these operations by the number which is equal to the number of the paths×the number of the logical disks. Here, when the second method is applied to a large-scale system, the number of the paths to be dealt with becomes equal to several to several tens of them, and the number of the logical disks becomes equal to several hundreds. As a consequence, it turns out that, even if it has been found successful to be able to process each operation in several milliseconds, processing all the operations necessitate a time of order of several to several tens of seconds in total. This gives rise to a problem that this total amount of time needed leads to an increase in the service interruption time-period at the time of the failure occurrence.
It is an object of the present invention to solve the above-described problems in the conventional technologies, and to provide a node switching method and an information processing system that allow a failure-occurrence-time I/O node-switching to be executed in a shorter time even in a large-scale system where hosts, logical disks, and paths connected to a disk device are large in number.
According to the present invention, the above-described object can be accomplished by a node switching method of controlling the execution enablement/disablement for I/O requests from plural host computers to a disk device so as to perform the switching to a node which is capable of executing the I/O requests. Here, the node switching method includes the following steps: The host computers transmit access-right change commands to the disk device in advance, the access-right change commands including one piece or plural pieces of information resulting from causing I/O-enable/disable information and host identification information to correspond to each other in a one-to-one correspondence manner, the I/O-enable/disable information indicating whether or not the disk device will execute the I/O requests from the host computers, the host identification information being designed for identifying the respective host computers, and the host computers issue, to the disk device, the I/O requests to which the host computers have added the host identification information, and the disk device, in accordance with the access-right change commands from the host computers, changes in batch the I/O-enable/disable information on each host-computer basis, and simultaneously stores and holds the access-right change commands, and the disk device identifies the request-source host computers in response to the I/O requests from the host computers, and, based on the host identification information and the I/O-enable/disable information that the disk device has held, the disk device judges the execution enablement/disablement for the I/O requests on each host-computer's node basis.
Also, the above-described object can be accomplished by a node switching method of controlling the execution enablement/disablement for I/O requests from plural host computers to a disk device so as to perform the switching to a node which is capable of executing the I/O requests. Here, the node switching method includes the following steps: The host computers possess plural application processes, and the application processes transmit access-right change commands to the disk device in advance, the access-right change commands including one piece or plural pieces of information resulting from causing I/O-enable/disable information and application-process identification information to correspond to each other in a one-to-one correspondence manner, the I/O-enable/disable information indicating whether or not the disk device will execute the I/O requests from the application processes, the application-process identification information being designed for identifying the respective application processes, and, the application processes issue, to the disk device, the I/O requests to which the application processes have added the application-process identification information, and the disk device, in accordance with the access-right change commands from the application processes, changes in batch the I/O-enable/disable information on each application-process basis, and simultaneously stores and holds the access-right change commands, and the disk device identifies the request-source application processes in response to the I/O requests from the application processes, and, based on the application-process identification information and the I/O-enable/disable information that the disk device has held, the disk device judges the execution enablement/disablement for the I/O requests on each application-process's node basis.
Moreover, the above-described object can be accomplished by an information processing system which is configured to control the execution enablement/disablement for I/O requests from plural host computers to a disk device so as to perform the switching to a node which is capable of executing the I/O requests. Here, each of the host computers includes an I/O request unit for issuing the I/O request to which the I/O request unit has added host identification information for identifying the respective host computers, and an access-right change command unit for transmitting an access-right change command to the disk device, the access-right change command including one piece or plural pieces of information resulting from causing I/O-enable/disable information and the host identification information to correspond to each other in a one-to-one correspondence manner, the I/O-enable/disable information indicating whether or not the disk device will execute the I/O requests from the host computers, the disk device including an access-right management table for storing and holding the access-right change commands from the host computers, an access control unit for identifying the request-source host computers of the I/O requests, and judging the execution enablement/disablement for the I/O requests on each host-computer basis from the host identification information and the access-right management table, and an access-right change unit that, in accordance with the access-right change commands from the host computers, changes in batch the I/O-enable/disable information on each host-computer basis within the access-right management table, the disk device judging the execution enablement/disablement for the I/O requests on each host-computer's node basis, the host computers being the I/O request sources.
The present invention makes it possible to cut off in batch the I/O requests from a host device where a failure has occurred, and to release in batch the cut-offs of the I/O requests from a standby-node host. This condition allows a high-safety node switching to be executed at a high speed, thereby making it possible to shorten a service interruption time-period in a system which is requested to exhibit a high reliability.
Other objects, features and advantages of the invention will become apparent from the following description of the embodiments of the invention taken in conjunction with the accompanying drawings.
Hereinafter, referring to the drawings, the detailed explanation will be given below concerning embodiments of the node switching method according to the present invention.
The information processing system according to the first embodiment of the present invention includes the following configuration components: The execution-node host 10 which is executing an application process, the standby-node host 20 which is on standby in a state of being capable of executing the application process, and the disk device 30 for performing I/Os in accordance with I/O requests from the execution-node host 10 and the standby-node host 20. In FIG. 1 , connections among the execution-node host 10, the standby-node host 20, and the disk device 30 are illustrated such that the connections are established using different lines. The connections, however, are not limited to the different lines and may also be established using one and the same line. The execution-node host 10 includes the following configuration components: The path-information transmission unit 11 for transmitting path information on the hosts, the failure detection unit 12 for detecting a failure of the standby-node host 20, the I/O request unit 13 for performing the I/O requests, and the access-right change command unit 14 for transmitting a command of the access-right change. The standby-node host 20, similarly, includes the path-information transmission unit 21, the failure detection unit 22, the I/O request unit 23, and the access-right change command unit 24. The disk device 30 includes the following configuration components: The access control unit 31 for controlling cut-offs of the I/O requests, the access-right change unit 32 for changing the access right of the disk device 30 in accordance with the commands from the hosts, the path-information change unit 33 for receiving the path information transmitted from the hosts, the I/O processing unit 34 for actually performing the processings of the I/Os, the access control table 35 for holding information for controlling accesses from the hosts, and the plural logical disks 36 resulting from logically dividing an assembly of disk drives.
The access control table 35 includes two tables, i.e., an access-right management table 35 a and a path-information management table 35 b. Next, the explanation will be given below regarding these tables.
The access-right management table 35 a is a table for managing the enablement/disablement for the accesses on each host basis, and the number of the I/Os which are in processing. Accordingly, as illustrated in FIG. 2 , the table 35 a stores host identification information, I/O-enable/disable information, and in-processing I/O number information. Moreover, the table 35 a, which holds one entry for one host, is initialized by commands from the hosts at the time of the hosts' system starting, and is updated by the access-right change commands from the hosts. At the time of the initialization, the I/O-enable/disable information in the entry corresponding to the execution-node host is set to be “enable”, and the I/O-enable/disable information in the entry corresponding to the standby-node host is set to be “disable”.
Meanwhile, the path-information management table 35 b is a table for managing which of the hosts has held which of the paths. Accordingly, as illustrated in FIG. 3 , the table 35 b stores path identification information and the host identification information in a manner of being paired. Namely, the path-information management table 35 b stores, as path information, the combination of the path identification information and the host identification information. Here, an example of the path identification information is N_Port ID in ANSI Standard FCP which is added to the I/O requests from the hosts for identifying logical paths from the transmission sources. Making reference to this table allows the access control on each I/O-request basis to be performed not on each path basis but on each host basis.
- (1) At first, with respect to the
disk device 30, the execution-node host 10 transmits, from the path-information transmission unit 11 to the path-information change unit 33 of thedisk device 30, all the pieces of path information from the execution-node host 10 to the disk device 30 (: sequence 601). - (2) To the path-information management table 35 b within the access control table 35, the path-
information change unit 33 of thedisk device 30 adds, as one entry, the combination of the path identification information and the host identification information transmitted in the sequence 601 (: sequence 602). - (3) Similarly, with respect to the
disk device 30, the standby-node host 20 transmits, from the path-information transmission unit 21 to the path-information change unit 33 of thedisk device 30, all the pieces of path information from the standby-node host 20 to thedisk device 30. Furthermore, to the path-information management table 35 b within the access control table 35, the path-information change unit 33 adds, as one entry, the combination of the path identification information and the host identification information transmitted (:sequences 603, 604).
- (1) The I/
O request unit 13 of the execution-node host 10 transmits an I/O request to thedisk device 30. Theaccess control unit 31 of thedisk device 30 receives this transmitted I/O request. Then, from the path-information management table 35 b in the access control table 35, theunit 31 retrieves an entry which coincides with path identification information included in the I/O request, thereby determining the corresponding host identification information. Next, from the access-right management table 35 a, theunit 31 retrieves an entry which coincides with the corresponding host identification information, thereby acquiring I/O-enable/disable information in the entry which has coincided therewith. Moreover, theunit 31 updates the in-processing I/O number in the access-right management table 35 a (:sequences 611 to 613). - (2) The example explained here assumes that the I/O-enablement/disablement in the access-right management table 35 a corresponding to the execution-
node host 10 has been set to be “enable”. Namely, the I/O-enable/disable information is “enable”. Consequently, theaccess control unit 31 of thedisk device 30 transmits the I/O request to the I/O processing unit 34, then receiving an I/O processed result transmitted from the I/O processing unit 34 (:sequences 614, 615). - (3) After having received the I/O processed result transmitted from the I/
O processing unit 34, theaccess control unit 31 performs the updating of the in-processing I/O number in the access-right management table 35 a. Simultaneously, theunit 31 transmits the I/O processed result to the I/O request unit 13 of the execution-node host 10 (:sequences 616, 617). - (4) Meanwhile, if the I/
O request unit 23 of the standby-node host 20 transmits an I/O request to thedisk device 30, theaccess control unit 31 of thedisk device 30 receives this I/O request. Then, similarly with the above-described case, theunit 31 retrieves an entry which coincides with path identification information included in the I/O request, thereby determining the corresponding host identification information. Next, from the access-right management table 35 a, theunit 31 retrieves an entry which coincides with the corresponding host identification information, thereby acquiring I/O-enable/disable information in the entry which has coincided therewith. In this case, however, the I/O-enablement/disablement in the access-right management table 35 a has been set to be “disable”. Consequently, theaccess control unit 31 transmits an I/O cut-off notice to the I/O request unit 23 of the standby-node host 20 (:sequences 618 to 620).
- (1) Having received the I/O request from the I/
O request unit 13 of the execution-node host 10 or the I/O request unit 23 of the standby-node host 20, theaccess control unit 13 retrieves, from the path-information management table 35 b in the access control table 35, the entry which coincides with the path identification information included in the I/O request, thereby determining the corresponding host identification information. Next, from the access-right management table 35 a, theunit 31 retrieves the entry which coincides with the corresponding host identification information, thereby acquiring the I/O-enable/disable information in the entry which has coincided therewith (:steps 3101, 3102). - (2) Moreover, the
access control unit 31 judges whether the I/O-enable/disable information acquired has been set to be “enable” or “disable”. If the information has been set to be “disable”, theunit 31 transmits the I/O cut-off notice, which notifies that the I/O request has failed, to the I/O request unit of the host that had transmitted this I/O request (i.e., the I/O request unit 23 of the standby-node host 20 in the explained example) (:steps 3103, 3104). - (3) If, in the judgment at the
step 3103, the I/O-enable/disable information acquired has been set to be “enable”, this I/O request is permitted. Accordingly, theaccess control unit 31 increments, by 1, the in-processing I/O number in the entry in the access-right management table 35 a within the access control table 35 corresponding to the host that had transmitted this I/O request (i.e., the execution-node host 10 in the explained example) (: step 3105). - (4) After that, the
access control unit 31 transmits the command of the I/O processing requested to the I/O processing unit 34. Next, the I/O processing unit 34 performs the I/O processing to thelogical disks 36, then waiting for the I/O processed result to be transmitted (: step 3106).
- (1) The
access control unit 31 of thedisk device 30 receives, from the I/O processing unit 34, a notice that the I/O processing has been completed, and simultaneously theunit 31 receives the I/O processed result (: step 3107). - (2) Having received the notice of the I/O-processing completion, the
access control unit 31 decrements, by 1, the in-processing I/O number in the entry in the access-right management table 35 a within the access control table 35 corresponding to the host that had requested the I/O processing (i.e., the execution-node host 10 in the explained example). Next, theunit 31 transmits the I/O processed result to the I/O request unit 13 of the execution-node host 10 (:steps 3108, 3109).
As illustrated in FIG. 9 , the failure detection unit 22 of the standby-node host 20 transmits health check information to the failure detection unit 12 of the execution-node host 10 (: sequence 621). In response to this transmission of the health check information, if the failure detection unit 12 of the execution-node host 10 returns an error (: sequence 622), or makes no response within a certain time-period, the failure detection unit 22 of the standby-node host 20 judges that a failure has occurred in the execution-node host 10. If, conversely, the execution-node host 10 performs the failure detection of the standby-node host 20, the sequences are basically the same as the above-described ones except that the transmission of the health check information is just performed from the failure detection unit 12 of the execution-node host 10. Incidentally, in the present invention, the failure detection method is not limited to the above-described one.
- (1) If the standby-
node host 20 has detected a failure of the execution-node host 10, the standby-node host 20, which has detected the failure of the execution-node host 10, transmits an access-right change command 110 from the access-rightchange command unit 24 to the access-right change unit 32 of thedisk device 30. Here, the access-right change command 110 is a command for cutting off I/O accesses from the execution-node host 10, and for releasing the cut-offs of I/O accesses from the standby-node host 20 (: sequence 631). - (2) Having received the access-
right change command 110 in thesequence 631, the access-right change unit 32 of thedisk device 30 performs the following operation in order not to permit a new access from the execution-node host 10: At first, theunit 32 extracts, from the access-right change command 110, one entry in which the I/O-enablement/disablement has become “disable”. Next, theunit 32 updates, to “disable”, the I/O-enablement/disablement in the entry (i.e., the one corresponding to the execution-node host 10 in the case of the explained example) in the access-right management table 35 a within the access control table 35 whose host identification information coincides with that of the extracted one entry (: sequence 632). - (3) Also, the access-
right change unit 32 retrieves the in-processing I/O number for the cut-off host, thereby judging whether or not there exist entries in which the in-processing I/O numbers are not equal to 0. If there exists at least one such entry, theunit 32 waits for all of the in-processing I/O numbers to become equal to 0 (: sequence 633). - (4) If all of the in-processing I/O numbers have become equal to 0, the access-
right change unit 32 performs the following operation in order to perform the operation of releasing the cut-offs of the I/O accesses: Namely, theunit 32 extracts, from the access-right change command 110, one entry in which the I/O-enablement/disablement has become “enable”. Next, theunit 32 updates, to “enable”, the I/O-enablement/disablement in the entry (i.e., the one corresponding to the standby-node host 20 in the case of the explained example) in the access-right management table 35 a within the access control table 35 whose host identification information coincides with that of the extracted one entry (: sequence 634). - (5) After that, the access-
right change unit 32 confirms that all the processings for the transmitted access-right change command 110 have been terminated, then transmitting a completion notice to the access-rightchange command unit 24 of the standby-node host 20 (: sequence 635).
The above-described processing allows the cut-offs of the I/O requests from the plural hosts to be controlled in a batch manner on each host basis.
- (1) Having received the access-
right change command 110, the access-right change unit 32 of thedisk device 30 performs the following operation in order not to permit the new access from the execution-node host 10: At first, theunit 32 extracts, from the access-right change command 110, one entry in which the I/O-enablement/disablement has become “disable”. Next, theunit 32 updates, to “disable”, the I/O-enablement/disablement in the entry (i.e., the one corresponding to the execution-node host 10 in this embodiment) in the access-right management table 35 a within the access control table 35 whose host identification information coincides with that of the extracted one entry (:steps 3201 to 3203). - (2) Moreover, the access-
right change unit 32 judges whether or not, of unprocessed entries in the access-right change command 110, there further exists an entry in which the I/O-enablement/disablement has become “disable”. If there exists the entry, theunit 32, going back to the processing from thestep 3202, extracts the next entry, then performing basically the same processing. At this time, an I/O request which has been held by thedisk device 30 but whose I/O processing has been not started yet is immediately returned back to the execution-node host 10 as an error. If the execution-node host 10 has fallen down, this error response is discarded (: step 3204). - (3) The processings for all of the entries in the access-
right change command 110 in which the I/O-enablement/disablement has become “disable” are eventually terminated. Namely, in the judgment at thestep 3204, if, of the unprocessed entries in the access-right change command 110, the entries in which the I/O-enablement/disablement has become “disable” have been judged to disappear, theunit 32 retrieves, from the access-right management table 35 a within the access control table 35, the in-processing I/O numbers in all of the entries in which the I/O-enablement/disablement has become “disable” (: step 3205). - (4) Next, the access-
right change unit 32 judges whether or not, in all of the entries retrieved in the processing at thestep 3205, there exist the entries in which the in-processing I/O numbers are not equal to 0. If there exists at least one such entry, theunit 32 waits for all of the in-processing I/O numbers to become equal to 0 (: step 3206). - (5) If all of the in-processing I/O numbers have become equal to 0, and, if, in the judgment at the
step 3206, such entries have been judged to disappear, then, theunit 32 performs the following operation in order to perform the I/O-access cut-off releasing operation: Namely, theunit 32 extracts, from the access-right change command 110, the one entry in which the I/O-enablement/disablement has become “enable”. Next, theunit 32 updates, to “enable”, the I/O-enablement/disablement in the entry (i.e., the one corresponding to the standby-node host 20 in the case of the explained example) in the access-right management table 35 a within the access control table 35 whose host identification information coincides with that of the extracted one entry (:steps 3207, 3208). - (6) Furthermore, the access-
right change unit 32 judges whether or not, of the unprocessed entries in the access-right change command 110, there further exists an entry in which the I/O-enablement/disablement has become “enable”. If there exists the entry, theunit 32, going back to the processing from thestep 3207, extracts the next entry, then performing basically the same processing (: step 3209). - (7) In the judgment at the
step 3209, if, of the unprocessed entries in the access-right change command 110, the entries in which the I/O-enablement/disablement has become “enable” have been judged to disappear, it turns out that all of the processings for the transmitted access-right change command 110 have been terminated. Accordingly, the access-right change unit 32 of thedisk device 30 transmits the completion notice to the access-rightchange command unit 24 of the standby-node host 20 (: step 3210).
The above-describe embodiment of the present invention has been explained as the embodiment which results from applying the present invention to the information processing system with the configuration explained and indicated in FIG. 1 . In addition to the system with the configuration indicated in FIG. 1 , however, the present invention is also applicable to systems with various types of configurations. Next, the explanation will be given below concerning these systems.
In the system according to the fourth embodiment of the present invention, when the application processes which are existing as an execution node in each host are being executed in each host, if a failure such as an application-process down occurs in one of the hosts, the execution of the application process falling down in the host where the failure has occurred is restarted on the other host where the other application process is being executed. In such a case, even in the case of I/O requests from one and the same host, an I/O request which should be permitted and an I/O request which should not be permitted must be distinguished on each application-process basis. For example, if, in FIG. 16 , the application process 1 that is operating on the host 1 as the execution node falls down, the disk device cuts off an I/O request from the application process 1 on the host 1, and releases the cut-off of an I/O request from the application process 1 on the host 2. This procedure is needed to be performed without exerting influences on an I/O request from the application process 2 that is operating on the host 1.
The explanation has been given so far concerning the above-described embodiments of the present invention on the assumption that that the embodiments perform the access control on each host basis. In the configuration indicated as the fourth embodiment, however, the present invention can be expanded to the access control on each application-process basis. This expansion can be implemented by employing either of two methods which will be explained below:
The first method is a one where identification information for identifying the application processes is added to the I/O requests. Namely, this method is as follows: This application-process identification information is added to the host identification information included in the access-right management table 35 a explained in FIG. 2 and the access-right change command 110 explained in FIG. 11 . Moreover, the application-process identification information is also added to the I/O requests that the application processes transmit. Furthermore, the processing operation by the access control unit 31 within the disk device 30 is modified as will be explained below using FIG. 17 .
In the fourth embodiment of the present invention, the employment of the above-described method makes it possible to implement the access control without being conscious of the paths. This makes the following configuration elements unnecessary: The path-information transmission units of the hosts, the path-information change unit of the disk device, the path-information management table within the access control table of the disk device, the path information that the hosts transmit to the disk device, and the path-information registration processing in FIG. 4 .
Next, in the system configuration of the fourth embodiment of the present invention, the second method for allowing the access control on each application-process basis is as follows: Namely, in addition to the access-right change on each host basis, the access-right change is performed on each logical-disk basis simultaneously. Next, the explanation will be given below regarding this method.
Furthermore, in the second method for allowing the access control on each application-process basis in the system configuration of the fourth embodiment of the present invention, in substitution for the step 3102 explained in FIG. 7 , the following steps allow the execution of the access control on each host basis and on each logical-disk basis: Namely, a step of retrieving entries in which path identification information included in the I/O requests coincides with the path identification information within the path-information management table 35 b illustrated in FIG. 3 , and, based on the host identification information in the entries which have coincided therewith and target logical-disk information included in the I/O requests, a step of retrieving, from the access-right management table 35 aa illustrated in FIG. 18 , entries of the access control information in which the host identification information and the logical-disk identification information coincide with each other.
Also, when the hosts transmit the access-right change commands to the disk device, the hosts transmit the commands based on the access-right change command 110 a which, as illustrated in FIG. 19 , includes the logical disks becoming the access-right change targets, the host identification information on the hosts whose access rights are to be changed, and the access enablement/disablement information. The disk device changes, to “enable” or “disable”, the I/O-enable/disable information in entries in which the logical disks and the host identification information within the access-right management table 35 aa illustrated in FIG. 18 and the logical disks and the host identification information included in the access-right change command 110 a coincide with each other. This allows the implementation of the access-right changes on each host basis and on each logical-disk basis.
As described above, base on the second method in the fourth embodiment of the present invention, the access-right change commands are performed in batch with respect to the logical-disk group that the application processes access. This permits the implementation of the access control on each application-process basis.
The above-described first method in the fourth embodiment of the present invention requires that the application-process identification information be added to the I/O requests. On the other hand, the case of the second method permits the in-batch access control over the logical disks to be executed on each application-process basis without adding the application-process identification information to the I/O requests.
The above-described respective processings in the respective embodiments of the present invention can be configured as processing programs. These processing programs can be provided in a state of being stored into storage media such as a HD, a DAT, a FD, a MO, a DVD-ROM, and a CD-ROM.
It should be further understood by those skilled in the art that although the foregoing description has been made on embodiments of the invention, the invention is not limited thereto and various changes and modifications may be made without departing from the spirit of the invention and the scope of the appended claims.
Claims (2)
1. A method of controlling enablement/disablement of I/O requests from plural host computers to a disk device, said method comprising:
in said host computers,
transmitting access-right change commands to said disk device, said access-right change commands including one piece or plural pieces of information having I/O-enable/disable information and host identification information to correspond to each other in a one-to-one correspondence manner, said I/O-enable/disable information indicating whether or not said disk device will execute said I/O requests from said host computers, said host identification information identifying said respective host computers, and
issuing, to said disk device, said I/O requests to which said host computers have added said host identification information; and
in said disk device,
changing entirely said I/O-enable/disable information for each of said host computers relating to the plurality of I/O requests for plural paths held by each of said host computers between said host computers and said disk device in response to a single transmission of one of said access-right change commands from one of said host computers, and storing and holding said I/O-enable/disable information in an access-right management table,
identifying request-source host computers in response to said I/O requests from said host computers, and,
based on said host identification information and said I/O-enable/disable information held in said access-right management table, enabling or disabling said I/O requests to be executed on each host-computer's node basis.
2. An information processing system configured to control execution enablement/disablement of I/O requests from plural host computers to a disk device, comprising:
each of said host computers including:
an I/O request unit for issuing an I/O request to which said I/O request unit has added host identification information for identifying said respective host computers, and
an access-right change command unit for transmitting an access-right change command to said disk device, said access-right change command including one piece or plural pieces of information having I/O-enable/disable information and said host identification information correspond to each other in a one-to-one correspondence manner, said I/O-enable/disable information indicating whether or not said disk device will execute said I/O requests from said host computers; and
said disk device including:
an access-right management table for storing and holding said access-right change commands from said host computers,
an access control unit for identifying request-source host computers of said I/O requests, and for judging whether to enable/disable said I/O requests to be executed on each host-computer basis, based upon said host identification information and said access-right management table, and
an access-right change unit that, in accordance with said access-right change commands from said host computers within said access-right management table, changes entirely said I/O-enable/disable information for each of said host computers relating to the plurality of I/O requests for plural oaths held by each of said host computers between said host computers and said disk device in response to a single transmission of one of said access-right change commands from one of said host computers,
said disk device enabling or disabling said I/O requests on each host-computer's node basis, with said host computers being said I/O request sources.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12/369,994 US7660918B2 (en) | 2003-10-23 | 2009-02-12 | Method for switching node and an information processing system |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003363531A JP2005128781A (en) | 2003-10-23 | 2003-10-23 | System changeover method and information processing system |
JP2003-363531 | 2003-10-23 | ||
US10/806,338 US20050091419A1 (en) | 2003-10-23 | 2004-03-23 | Method for switching node and an information processing system |
US12/369,994 US7660918B2 (en) | 2003-10-23 | 2009-02-12 | Method for switching node and an information processing system |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/806,338 Continuation US20050091419A1 (en) | 2003-10-23 | 2004-03-23 | Method for switching node and an information processing system |
Publications (2)
Publication Number | Publication Date |
---|---|
US20090157915A1 US20090157915A1 (en) | 2009-06-18 |
US7660918B2 true US7660918B2 (en) | 2010-02-09 |
Family
ID=34510051
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/806,338 Abandoned US20050091419A1 (en) | 2003-10-23 | 2004-03-23 | Method for switching node and an information processing system |
US12/369,994 Expired - Fee Related US7660918B2 (en) | 2003-10-23 | 2009-02-12 | Method for switching node and an information processing system |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US10/806,338 Abandoned US20050091419A1 (en) | 2003-10-23 | 2004-03-23 | Method for switching node and an information processing system |
Country Status (2)
Country | Link |
---|---|
US (2) | US20050091419A1 (en) |
JP (1) | JP2005128781A (en) |
Families Citing this family (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060285550A1 (en) * | 2005-06-16 | 2006-12-21 | Cam-Thuy Do | Apparatus, system, and method for communicating over multiple paths |
JP4792958B2 (en) * | 2005-12-21 | 2011-10-12 | 日本電気株式会社 | Data control system, shared disk device, and disk access restriction switching method used therefor |
US7694101B2 (en) * | 2005-12-30 | 2010-04-06 | Vmware, Inc. | Implementing virtual disk reservations on a storage media for multiple distributed applications |
JP4939102B2 (en) * | 2006-04-21 | 2012-05-23 | 株式会社日立製作所 | Reliable method for network boot computer system |
JP4874847B2 (en) * | 2007-03-27 | 2012-02-15 | 株式会社東芝 | Cluster system |
JP5002296B2 (en) * | 2007-03-27 | 2012-08-15 | 株式会社東芝 | Cluster system and program |
JP5074274B2 (en) * | 2008-04-16 | 2012-11-14 | 株式会社日立製作所 | Computer system and communication path monitoring method |
CN104969235B (en) | 2013-01-31 | 2018-02-02 | 日本电气株式会社 | Network system |
US11936645B2 (en) | 2017-03-30 | 2024-03-19 | Kingston Digital, Inc. | Smart security storage system |
US10880296B2 (en) * | 2017-03-30 | 2020-12-29 | Kingston Digital Inc. | Smart security storage |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH06325008A (en) | 1993-03-17 | 1994-11-25 | Hitachi Ltd | Computer system provided with reset function |
JP2000322369A (en) | 1999-03-05 | 2000-11-24 | Hitachi Ltd | Disk device and computer system using the device |
US6219771B1 (en) | 1996-08-30 | 2001-04-17 | Nec Corporation | Data storage apparatus with improved security process and partition allocation functions |
US20020083282A1 (en) | 2000-10-20 | 2002-06-27 | Kenji Yoshino | Data processing device, data storage device, data processing method, and program providing medium |
US20030126225A1 (en) | 2001-12-28 | 2003-07-03 | Camble Peter Thomas | System and method for peripheral device virtual functionality overlay |
US20030221124A1 (en) | 2002-05-23 | 2003-11-27 | International Business Machines Corporation | File level security for a metadata controller in a storage area network |
US6820168B2 (en) | 2001-01-25 | 2004-11-16 | Hitachi, Ltd. | Storage system and virtual private volume control method |
-
2003
- 2003-10-23 JP JP2003363531A patent/JP2005128781A/en active Pending
-
2004
- 2004-03-23 US US10/806,338 patent/US20050091419A1/en not_active Abandoned
-
2009
- 2009-02-12 US US12/369,994 patent/US7660918B2/en not_active Expired - Fee Related
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH06325008A (en) | 1993-03-17 | 1994-11-25 | Hitachi Ltd | Computer system provided with reset function |
US6219771B1 (en) | 1996-08-30 | 2001-04-17 | Nec Corporation | Data storage apparatus with improved security process and partition allocation functions |
JP2000322369A (en) | 1999-03-05 | 2000-11-24 | Hitachi Ltd | Disk device and computer system using the device |
US20020083282A1 (en) | 2000-10-20 | 2002-06-27 | Kenji Yoshino | Data processing device, data storage device, data processing method, and program providing medium |
US6820168B2 (en) | 2001-01-25 | 2004-11-16 | Hitachi, Ltd. | Storage system and virtual private volume control method |
US20030126225A1 (en) | 2001-12-28 | 2003-07-03 | Camble Peter Thomas | System and method for peripheral device virtual functionality overlay |
US20030221124A1 (en) | 2002-05-23 | 2003-11-27 | International Business Machines Corporation | File level security for a metadata controller in a storage area network |
Also Published As
Publication number | Publication date |
---|---|
JP2005128781A (en) | 2005-05-19 |
US20090157915A1 (en) | 2009-06-18 |
US20050091419A1 (en) | 2005-04-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7660918B2 (en) | Method for switching node and an information processing system | |
US6725295B2 (en) | Multi-path computer system | |
US7272674B1 (en) | System and method for storage device active path coordination among hosts | |
US8423816B2 (en) | Method and computer system for failover | |
US6389555B2 (en) | System and method for fail-over data transport | |
US6654902B1 (en) | Persistent reservation IO barriers | |
JP4299474B2 (en) | Method, system, and medium for selecting a preferred path to a storage device | |
EP1760591B1 (en) | System and method of managing access path | |
US7194662B2 (en) | Method, apparatus and program storage device for providing data path optimization | |
US7650446B2 (en) | Storage system for back-end communications with other storage system | |
US7921325B2 (en) | Node management device and method | |
US7406039B2 (en) | System and method for a failover protocol in storage area network controllers | |
US7293194B2 (en) | Method and device for switching database access part from for-standby to currently in use | |
US8589642B2 (en) | Computer system duplicating writes by synchronous remote copy with multiple host computers using heterogeneous operating systems | |
EP2071469B1 (en) | Communication processing method, device and program | |
EP1357465A2 (en) | Storage system having virtualized resource | |
US20050289390A1 (en) | Failover method for a cluster computer system | |
JP2006504186A (en) | System with multiple transmission line failover, failback and load balancing | |
JP2002063063A (en) | Storage area network managing system | |
GB2515554A (en) | Maintaining computer system operability | |
KR20030067712A (en) | A method of improving the availability of a computer clustering system through the use of a network medium link state function | |
US20090204733A1 (en) | Path maintenance mechanism | |
JP3957065B2 (en) | Network computer system and management device | |
US20080215767A1 (en) | Storage usage exclusive method | |
US20080244306A1 (en) | Storage system and management method for the same |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
FEPP | Fee payment procedure |
Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY |
|
FPAY | Fee payment |
Year of fee payment: 4 |
|
FEPP | Fee payment procedure |
Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.) |
|
LAPS | Lapse for failure to pay maintenance fees |
Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.) |
|
STCH | Information on status: patent discontinuation |
Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362 |
|
FP | Lapsed due to failure to pay maintenance fee |
Effective date: 20180209 |